Portable electronics, computing devices, and communication devices offer a wide array of features and services that provide their users with unprecedented levels of access to information, resources, and communications. To provide such services, a computing device may execute one or more applications on the device, and may communicate with one or more communication networks, typically to send and/or receive information for the one or more applications. Computing devices that provide advanced information services are increasingly ubiquitous, and are increasingly relied on to perform important security-sensitive operations that may involve the confidential or sensitive information (e.g., credit card information, contacts, etc.). Monitoring the integrity of such computing devices for malfunctions and malicious attacks is increasingly important.
Security-sensitive operations may correspond to the execution of one or more code threads (for example, calling a sensitive API, or reading sensitive data from a peripheral device). In one method of monitoring execution events, a processor may monitor a CPU instruction stream to identify execution of a specific address in a memory. This method may be precise, but may be complicated to implement and may be unnecessarily resource intensive. In another method of monitoring execution events, the processor may monitor a cache access stream to identify a statue of a specific address in a memory. This method may be efficient, but may be inaccurate due to CPU pre-fetching optimizations. Further, neither of these known methods may be adjusted dynamically to account for, among other things, the accuracy of the measurements, or the efficiency with which the measurements may be made.